High Assurance Software Lessons and Techniques

Chapter in: Handbook of FPGA Design Security

Abstract

To understand the principles needed to manage security in FPGA designs, this chapter presents lessons learned from the development of high assurance systems. These principles include risk assessment, threat models, policy enforcement, lifecycle management, assessment criteria, configuration control, and development environments.


Notes

  1. “Quis custodiet ipsos custodes?” (“Who guards the guardians?”)—Juvenal, Satires VI.347.

  2. For the purpose of this discussion, the two terms are considered to be equivalent.

  3. The term security functionality is based on the term TOE Security Functionality (TSF), which is defined in the CC as the set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the security functional requirements [23].

  4. Where program could be a module, component, monolithic system, or distributed system.

References

  1. S. Adee, The hunt for the kill switch. IEEE Spectrum 45(5), 34–39 (2008)

  2. P. Ammann, R.S. Sandhu, The extended schematic protection model. J. Comput. Secur. 1(3–4), 335–385 (1992)

  3. J.P. Anderson, Computer security technology planning study. Tech. Rep. ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA, 1972. Also available as vol. I, DITCAD-758206; vol. II, DITCAD-772806

  4. E.A. Anderson, C.E. Irvine, R.R. Schell, Subversion as a threat in information warfare. J. Inf. Warfare 3(2), 52–65 (2004)

  5. M.J. Bach, The Design of the UNIX Operating System (Prentice Hall, Inc., Englewood Cliffs, 1986)

  6. T. Ball, E. Bounimova, B. Cook, V. Levin, J. Lichtenberg, C. McGarvey, B. Ondrusek, S.K. Rajamani, A. Ustuner, Thorough static analysis of device drivers. SIGOPS Oper. Syst. Rev. 40(4), 73–85 (2006)

  7. D.E. Bell, L. LaPadula, Secure computer system: unified exposition and Multics interpretation. Tech. Rep. ESD-TR-75-306, MITRE Corp., Hanscom AFB, MA, 1975

  8. D.E. Bell, L. LaPadula, Secure computer systems: mathematical foundations and model. Tech. Rep. M74-244, MITRE Corp., Bedford, MA, 1973

  9. K.J. Biba, Integrity considerations for secure computer systems. Tech. Rep. ESD-TR-76-372, MITRE Corp., 1977

  10. E.W. Boebert, On the inability of an unmodified capability machine to enforce the *-property, in Proceedings DoD/NBS Computer Security Conference, September 1984, pp. 291–293

  11. G. Boolos, R. Jeffrey, Computability and Logic (Cambridge University Press, Cambridge, 1974)

  12. CCEVS, Publication #4: guidance to CCEVS approved Common Criteria testing laboratories, version 2.0. National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme, September 2008

  13. CCEVS, Publication #1: organization, management and concept of operations, version 2.0. National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme, September 2008

  14. CCMB, Common Criteria for information technology security evaluation, version 3.1, revision 1, CCMB-2006-09-001. Common Criteria Maintenance Board, September 2006

  15. B.E. Chelf, S.A. Hallem, A.C. Chou, Systems and methods for performing static analysis on source code. US Patent 7,340,726, Coverity, Inc., 2008

  16. H. Chen, D. Wagner, MOPS: an infrastructure for examining security properties of software, in Proc. 9th ACM Conf. Computer and Communications Security (CCS 02), 2002

  17. B. Chess, G. McGraw, Static analysis for security. IEEE Secur. Priv. 2, 76–79 (2004)

  18. S. Christey, R.A. Martin, Vulnerability type distributions in CVE. http://cve.mitre.org/docs/vuln-trends/index.html, May 2007

  19. James P. Anderson Co., Computer security threat monitoring and surveillance. Tech. Rep., James P. Anderson Co., Fort Washington, PA 19034, February 1980

  20. Committee on National Security Systems, NSTISSP no. 11, revised fact sheet. National Information Assurance Acquisition Policy, July 2003

  21. Common Criteria Maintenance Board, Common Criteria for information technology security evaluation, part 3: security assurance components, version 2.3, CCMB-2005-08-003. Common Criteria Maintenance Board, August 2005

  22. Common Criteria Development Board, The application of CC to integrated circuits, version 2.0, revision 1, CCDB-2006-04-003. Supporting document, mandatory technical document. Common Criteria Development Board, April 2006

  23. Common Criteria Maintenance Board, Common Criteria for information technology security evaluation, part 1: introduction and general model, version 3.1, revision 1, CCMB-2006-09-001. Common Criteria Maintenance Board, September 2006

  24. Common Criteria Maintenance Board, Common Criteria for information technology security evaluation, part 2: security functional components, version 3.1, revision 2, CCMB-2007-09-002. Common Criteria Maintenance Board, September 2007

  25. Common Criteria Maintenance Board, Common Criteria for information technology security evaluation, part 3: security assurance components, version 3.1, revision 2, CCMB-2007-09-003. Common Criteria Maintenance Board, September 2007

  26. Common Criteria Maintenance Board, Common Criteria for information technology security evaluation, evaluation methodology, version 3.1, revision 2, CCMB-2007-09-004. Common Criteria Maintenance Board, September 2007

  27. M.A. Cusumano, Who is liable for bugs and security flaws in software? Commun. ACM 47, 25–27 (2004)

  28. M. Das, S. Lerner, M. Seigle, ESP: path-sensitive program verification in polynomial time, in PLDI 02: Programming Language Design and Implementation, June 2002, pp. 57–68

  29. P.J. Denning, Virtual memory. ACM Comput. Surv. 2(3), 153–189 (1970)

  30. D.E. Denning, A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)

  31. D.E. Denning, An intrusion-detection model. IEEE Trans. Softw. Eng. 13, 222–232 (1987)

  32. J.B. Dennis, E.C. Van Horn, Programming semantics for multiprogrammed computations. Commun. ACM 9(3), 143–155 (1966)

  33. DigitalNet Government Solutions, Security target version 1.7 for XTS-6.0.E, March 2004

  34. P. Eggert, D. Cooper, S. Eckmann, J. Gingerich, S. Holtsberg, N. Kelem, R. Martin, FDM user guide. No. TM-8486/000/04, Unisys Corporation, Reston, VA, June 1992

  35. European Commission, Biometrics at the frontiers: assessing the impact on society. Tech. Rep., European Commission Joint Research Center (DG JRC), Institute for Prospective Technological Studies, 2005

  36. R. Fabry, Capability-based addressing. Commun. ACM 17, 403–412 (1974)

  37. R. Fitzgerald, trans. Homer: The Odyssey (Vintage, New York, 1961)

  38. L.J. Fraim, Scomp: a solution to the multilevel security problem. Computer 16, 26–34 (1983)

  39. J. Goguen, J. Meseguer, Security policies and security models, in Proc. of 1982 IEEE Symposium on Security and Privacy, Oakland, CA (IEEE Comput. Soc., Los Alamitos, 1982), pp. 11–20

  40. G.S. Graham, P.J. Denning, Protection—principles and practice, in Proceedings of the Spring Joint Computer Conference, May 1972, pp. 417–429

  41. I. Hadzic, S. Udani, J. Smith, FPGA viruses, in Proceedings of the Ninth International Workshop on Field-Programmable Logic and Applications (FPL’99), Glasgow, UK, August 1999

  42. M. Harrison, W. Ruzzo, J. Ullman, Protection in operating systems. Commun. ACM 19(8), 461–471 (1976)

  43. J.L. Hennessy, D.A. Patterson, Computer Architecture: A Quantitative Approach, 4th edn. (Morgan Kaufmann, San Mateo, 2006)

  44. C.A.R. Hoare, Communicating sequential processes. Commun. ACM 21(8), 666–677 (1978)

  45. J. Horton, R. Harland, E. Ashby, R.H. Cooper, W.F. Hyslop, B. Nickerson, W.M. Stewart, O. Ward, The cascade vulnerability problem, in Proceedings IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1993, pp. 110–116

  46. IAD (Information Assurance Directorate), US Government protection profile for separation kernels in environments requiring high robustness. National Information Assurance Partnership, version 1.03, 29 June 2007

  47. Intel, Intel 64 and IA-32 architectures software developer’s manual, vol. 3A: system programming guide, part 1. Intel Corporation, Denver, CO, order no. 253668-022US, November 2006

  48. D. Jackson, Software Abstractions: Logic, Language, and Analysis (MIT Press, Cambridge, 2006)

  49. A.K. Jain, S. Pankanti, S. Prabhakar, L. Hong, A. Ross, J.L. Wayman, Biometrics: a grand challenge, in Proceedings of the 17th International Conference on Pattern Recognition, August 2004, pp. 935–942

  50. M.J. Kaminskas, Risk Assessment/Risk Management. Building Design for Homeland Security, vol. 5. FEMA, Risk Management Series (2007). http://www.fema.gov/library/viewRecord.do?id=1939

  51. P.A. Karger, Improving security performance for capability systems. Ph.D. thesis, University of Cambridge, Cambridge, England, 1988

  52. P. Karger, A.J. Herbert, An augmented capability architecture to support lattice security and traceability of access, in Proceedings 1984 IEEE Symposium on Security and Privacy, Oakland, CA (IEEE Comput. Soc., Los Alamitos, 1984), pp. 2–12

  53. P.A. Karger, R.R. Schell, Multics security evaluation: vulnerability analysis. Tech. Rep. ESD-TR-74-193, vol. II, HQ Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01731, June 1974

  54. M. Kaufmann, J. Moore, An industrial strength theorem prover for a logic based on Common Lisp. IEEE Trans. Softw. Eng. 23(4), 203–213 (1997)

  55. G.H. Kim, E.H. Spafford, The design and implementation of Tripwire: a file system integrity checker, in Proceedings of the 2nd ACM Conference on Computer and Communications Security (CCS), Fairfax, VA, November 1994

  56. P. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems, in Proceedings of the 16th Annual International Cryptology Conference (CRYPTO), Santa Barbara, CA, August 1996

  57. M. Kurdziel, J. Fitton, Baseline requirements for government and military encryption algorithms, in MILCOM, vol. 2, October 2002, pp. 1491–1497

  58. L. Lack, Using the bootstrap concept to build an adaptable and compact subversion artifice. Master’s thesis, Naval Postgraduate School, Monterey, CA, June 2003

  59. B.W. Lampson, Protection, in Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, NJ, 1971

  60. B.W. Lampson, A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973)

  61. C.E. Landwehr, Formal models for computer security. ACM Comput. Surv. 13(3), 247–278 (1981)

  62. K. Lee, L. Sha, Process resurrection: a fast recovery mechanism for real-time embedded systems, in Proceedings of the 11th IEEE Real Time and Embedded Technology and Applications Symposium (RTAS 2005), March 2005, pp. 292–301

  63. T.E. Levin, C.E. Irvine, T.D. Nguyen, Least privilege in separation kernels, in E-business and Telecommunication Networks: Third International Conference, ICETE 2006, Setúbal, Portugal, 7–10 August 2006, ed. by J. Filipe, M.S. Obaidat. Communications in Computer and Information Science, vol. 9 (Springer, Berlin, 2008)

  64. T.E. Levin, C.E. Irvine, C. Weissman, T.D. Nguyen, Analysis of three multilevel security architectures, in Proceedings 1st Computer Security Architecture Workshop, Fairfax, VA, November 2007, pp. 37–46

  65. H.M. Levy, Capability-based Computer Systems (Digital Press, Bedford, 1984)

  66. S. Lipner, The trustworthy computing security development lifecycle, in Proceedings 20th Annual Computer Security Applications Conference (IEEE Comput. Soc., Los Alamitos, 2004), pp. 2–13

  67. Lockheed-Martin/The Open Group, Protection Profile for PKS in environments requiring high robustness. Draft version 1.3, submittal for NSA approval, 09 June 2003. http://www.csds.uidaho.edu/pp/PKPP1_3.pdf. Last accessed: 15 March 2009

  68. T.F. Lunt, Access control policies: some unanswered questions. Comput. Secur. 8, 43–54 (1989)

  69. T.F. Lunt, P.G. Neumann, D.E. Denning, R.R. Schell, M. Heckman, W.R. Shockley, Secure distributed data views: security policy and interpretation for DBMS for a Class A1 DBMS. Tech. Rep. RADC-TR-89-313, vol. I, Rome Air Development Center, Griffiss Air Force Base, NY, December 1989

  70. J. McLean, Security models and information flow, in Proceedings of the IEEE Symposium on Security and Privacy (IEEE Comput. Soc., Los Alamitos, 1990), pp. 180–189

  71. J. Millen, The cascading problem for interconnected networks, in Fourth Aerospace Computer Security Applications Conference, 1988, pp. 269–273

  72. J. Murray, An exfiltration subversion demonstration. Master’s thesis, Naval Postgraduate School, Monterey, CA, June 2003

  73. S. Myagmar, A. Lee, W. Yurcik, Threat modeling as a basis for security requirements, in Proc. Symp. Requirements Engineering for Information Security (SREIS 05), 2005

  74. P. Myers, Subversion: the neglected aspect of computer security. M.S. thesis, Naval Postgraduate School, Monterey, CA, 1980

  75. National Computer Security Center, Trusted network interpretation of the trusted computer system evaluation criteria, NCSC-TG-005, July 1987

  76. National Computer Security Center, A guide to understanding object reuse in trusted systems. Tech. Rep. NCSC-TG-018, National Computer Security Center, Fort George G. Meade, MD, 1991

  77. E.I. Organick, The Multics System: An Examination of Its Structure (MIT Press, Cambridge, 1972)

  78. L.C. Paulson, Isabelle: A Generic Theorem Prover. LNCS, vol. 828 (Springer, Berlin, 1994)

  79. V. Paxson, Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435–2463 (1999)

  80. D. Redell, R. Fabry, Selective revocation of capabilities, in International Workshop on Protection in Operating Systems, IRIA, 1974

  81. D. Rogers, A framework for dynamic subversion. Master’s thesis, Naval Postgraduate School, Monterey, CA, June 2003

  82. A. Roscoe, CSP and determinism in security modelling, in Proceedings of the IEEE Symposium on Security and Privacy (IEEE Comput. Soc., Los Alamitos, 1995), pp. 114–127

  83. J. Rushby, Design and verification of secure systems. ACM SIGOPS Oper. Syst. Rev. 15(5), 12–21 (December 1981)

  84. J. Rushby, S. Owre, N. Shankar, Subtypes for specifications: predicate subtyping in PVS. IEEE Trans. Softw. Eng. 24(9), 709–720 (1998)

  85. J.H. Saltzer, M.D. Schroeder, The protection of information in computer systems. Proc. IEEE 63(9), 1278–1308 (1975)

  86. R. Sandhu, Analysis of acyclic attenuating systems for the SSR protection model, in Proceedings of the 1985 IEEE Symposium on Security and Privacy, April 1985, pp. 197–206

  87. R.S. Sandhu, The schematic protection model: its definition and analysis for acyclic attenuating schemes. J. ACM 35, 404–432 (1988)

  88. R.R. Schell, P.J. Downey, G.J. Popek, Preliminary notes on the design of secure military computer systems. Tech. Rep. MCI-73-1, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, MA, 1973

  89. R. Schell, T.F. Tao, M. Heckman, Designing the GEMSOS security kernel for security and performance, in Proceedings 8th DoD/NBS Computer Security Conference, 1985, pp. 108–119

  90. D.D. Schnackenberg, Development of a multilevel secure local area network, in Proceedings of the 8th National Computer Security Conference, October 1985, pp. 97–101

  91. M.D. Schroeder, J.H. Saltzer, A hardware architecture for implementing protection rings. Commun. ACM 15(3), 157–170 (1972)

  92. J.S. Shapiro, J.M. Smith, D.J. Farber, EROS: a fast capability system, in SOSP’99: Proceedings of the Seventeenth ACM Symposium on Operating Systems Principles (ACM, New York, 1999), pp. 170–185

  93. L.J. Shirley, R.R. Schell, Mechanism sufficiency validation by assignment, in Proceedings 1981 IEEE Symposium on Security and Privacy, Oakland (IEEE Comput. Soc., Los Alamitos, 1981), pp. 26–32

  94. W.R. Shockley, R.R. Schell, TCB subsets for incremental evaluation, in Proceedings Third AIAA Conference on Computer Security, December 1987, pp. 131–139

  95. A. Silberschatz, P.B. Galvin, G. Gagne, Operating System Concepts, 7th edn. (Wiley, New York, 2005)

  96. Snort.org, Snort. http://www.snort.org/, last referenced 22 March 2009

  97. Specware 4.2 Manual, Kestrel Technology, http://www.specware.org/documentation/4.2/languagemanual/SpecwareLanguageManual.pdf, 3 November 2008

  98. J.M. Spivey, Understanding Z: A Specification Language and Its Formal Semantics (Cambridge University Press, Cambridge, 1988)

  99. D.F. Sterne, On the buzzword “security policy”, in Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA (IEEE Comput. Soc., Los Alamitos, 1991), pp. 219–230

  100. The Easter Egg Archive, Excel Easter Egg—Excel 97 flight to credits. http://www.eeggs.com/items/718.html, last accessed 19 February 2009

  101. K. Thompson, Reflections on trusting trust. Commun. ACM 27(8), 761–763 (1984)

  102. S. Trimberger, Trusted design in FPGAs, in Proceedings of the 44th Design Automation Conference, San Diego, CA, June 2007

  103. US Department of Commerce and Communications Security Establishment of the Government of Canada, Implementation guidance for FIPS PUB 140-2 and the cryptographic module validation program, initial release: 28 March 2003, last update: 10 March 2009. National Institute of Standards and Technology, Gaithersburg, MD, March 2009

  104. US Department of Commerce, Security requirements for cryptographic modules, Federal Information Processing Standards Publication 140-2. National Institute of Standards and Technology, Gaithersburg, MD, May 2001

  105. US Department of Commerce, Standards for security categorization of federal information and information systems, Federal Information Processing Standards Publication 199. National Institute of Standards and Technology, Gaithersburg, MD, February 2004

  106. US Department of Commerce, Recommended security controls for federal information systems, NIST Special Publication 800-53 Revision 2. National Institute of Standards and Technology, Gaithersburg, MD, December 2007

  107. US Department of Commerce, Security requirements for cryptographic modules, Federal Information Processing Standards Publication 140-3 (Draft: 07-13-2007). National Institute of Standards and Technology, Gaithersburg, MD, July 2007

  108. US Department of Commerce, Security considerations in the system development life cycle, NIST Special Publication 800-64 Revision 2. National Institute of Standards and Technology, Gaithersburg, MD, October 2008

  109. US Department of Commerce, Derived test requirements for FIPS PUB 140-2, Security requirements for cryptographic modules, 24 March 2004, Draft, CMVP program staff (NIST, CSE and CMVP laboratories). National Institute of Standards and Technology, Gaithersburg, MD. http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/fips1402DTR.pdf. Cited 7 April 2009

  110. US Department of Defense, Trusted computer system evaluation criteria (Orange Book), DoD 5200.28-STD. National Computer Security Center, Fort Meade, MD, December 1985

  111. US Department of Defense, A guide to understanding trusted distribution in trusted systems, version 2, NCSC-TG-008. National Computer Security Center, Fort Meade, MD, December 1988

  112. US Department of Defense, A guide to understanding trusted recovery in trusted systems, version 1, NCSC-TG-022. National Computer Security Center, Fort Meade, MD, December 1991

  113. US Department of Defense, Defense Science Board task force on high performance microchip supply. Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, Washington, DC, February 2005

  114. US Department of Defense, TRUST in integrated circuits, presolicitation notice, solicitation number: BAA07-24. Defense Advanced Research Projects Agency, Microsystems Technology Office, Arlington, VA, March 2007. http://www.darpa.mil/mto/solicitations/baa07-24/index.html, cited 27 March 2009

  115. D. Volpano, C. Irvine, Secure flow typing. Comput. Secur. 16(2), 137–144 (1997)

  116. D.R. Wichers, Conducting an object reuse study, in Proceedings of the 13th National Computer Security Conference, October 1990, pp. 738–747

  117. M.V. Wilkes, R.M. Needham, The Cambridge model distributed system. ACM SIGOPS Oper. Syst. Rev. 14(1), 21–29 (1980)

  118. E. Witchel, J. Cates, K. Asanovic, Mondrian memory protection, in Tenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), San Jose, CA, October 2002

  119. C. Zymaris, A comparison of the GPL and the Microsoft EULA. Cybersource, 2003. Retrieved 15 September 2008 from http://www.cybersource.com.au/cyber/about/comparing_the_gpl_to_eula.pdf

Author information

Corresponding author: Ted Huffmire.

Copyright information

© 2010 Springer Science+Business Media B.V.

Cite this chapter

Huffmire, T., Irvine, C., Nguyen, T.D., Levin, T., Kastner, R., Sherwood, T. (2010). High Assurance Software Lessons and Techniques. In: Handbook of FPGA Design Security. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-9157-4_2

  • DOI: https://doi.org/10.1007/978-90-481-9157-4_2

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-90-481-9156-7

  • Online ISBN: 978-90-481-9157-4
